Tech companies both big and small are always looking for new ways to protect their customers from the threat of malware. While that’s not something that hardware vendors are known for, Intel has leapt into the fray with a recent announcement about CPU-level Malware protection.
Their planned “Tiger Lake” mobile processors will offer CPU-level malware protection features.
Tom had this to say about the planned malware protection features:
“Intel CET is designed to protect against the misuse of legitimate code through control-flow hijacking attacks. This is a widely used technique in large classes of Malware. Intel has been actively collaborating with Microsoft and other industry partners to address control-flow hijacking by using Intel’s CET technology to augment previous software-only control-flow integrity solutions.”
Intel’s CET provides two new capabilities to guard against control-flow hijacking malware: Indirect Branch Tracking (IBT) and Shadow Stack (SS). Collectively, these two new tools work by defeating malware designed to use ROP (Return Oriented Programming), JOP (Jump Oriented Programming), and COP (Call Oriented Programming).
“The significance of Intel CET is that it is built into the microarchitecture and available across the family of products with that core. While Intel vPro platforms with Intel Hardware Shield already meet and exceed the security requirements for Secure-core PCs, Intel CET further extends advanced threat protection capabilities….when used properly by software, [it] is a bit step in helping prevent exploits from hijacking the control-flow transfer instructions.”
As mentioned, the new capabilities will initially roll out for mobile processors. The company has plans in the work to expand the microarchitecture into desktop and server platforms as well.
This is good news and we’re excited to see the hardware‘s capabilities in action. Of course, it remains to be seen how effective the new protections will be, but industry experts are cautiously optimistic.